From 436441378483637571722d875ea308b9c8e6e9f8 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Mon, 8 Nov 2010 23:00:31 -0500 Subject: [PATCH 110/150] - looks like we can remove the directory before we import the pkcs12 bundle without ill effects --- src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 89 ++++++++++------------- 1 files changed, 39 insertions(+), 50 deletions(-) diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index fd67b58..108150b 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -78,8 +78,8 @@ /* #define DEBUG_DER "/usr/lib64/nss/unsupported-tools/derdump" */ /* #define DEBUG_SENSITIVE */ -/* Define to do create a temporary on-disk database when we need to import - * PKCS12 identities. */ +/* Define to create a temporary on-disk database when we need to import PKCS12 + * identities. */ #define PKCS12_HACK /* Forward declaration. */ @@ -115,9 +115,6 @@ struct _pkinit_identity_crypto_context { SECMODModule **id_modules; /* used for PKCS11: */ PK11SlotInfo **id_userdbs; /* used for NSS: */ PK11SlotInfo *id_p12_slot; /* used for PKCS12: */ -#ifdef PKCS12_HACK - char *id_p12_slot_dir; /* used for PKCS12: */ -#endif PK11GenericObject **id_objects; /* used with FILE: and DIR: */ CERTCertList *id_certs, *ca_certs; CERTCertificate *id_cert; @@ -652,7 +649,8 @@ crypto_get_p12_slot(struct _pkinit_identity_crypto_context *id) if (id->id_p12_slot == NULL) { configdir = DEFAULT_CONFIGDIR; #ifdef PKCS12_HACK - while ((spec = tempnam(NULL, "pk12")) != NULL) { + /* Figure out where to put the temporary userdb. */ + while ((spec = tempnam(NULL, "pk12-")) != NULL) { if (spec != NULL) { if (mkdir(spec, S_IRWXU) == 0) { configdir = spec; @@ -679,20 +677,44 @@ crypto_get_p12_slot(struct _pkinit_identity_crypto_context *id) id->id_p12_slot = SECMOD_OpenUserDB(spec); } #ifdef PKCS12_HACK - if ((strcmp(configdir, DEFAULT_CONFIGDIR) != 0) && - (id->id_p12_slot != NULL)) { - id->id_p12_slot_dir = PORT_ArenaZAlloc(id->pool, - strlen(configdir) + 1); - if (id->id_p12_slot_dir != NULL) { - strcpy(id->id_p12_slot_dir, configdir); + if (strcmp(configdir, DEFAULT_CONFIGDIR) != 0) { + DIR *dir; + struct dirent *ent; + char *path; + /* First, initialize the slot. */ + if (id->id_p12_slot != NULL) { + if (PK11_NeedUserInit(id->id_p12_slot)) { + PK11_InitPin(id->id_p12_slot, "", ""); + } } - free(configdir); - if (PK11_NeedUserInit(id->id_p12_slot)) { - PK11_InitPin(id->id_p12_slot, "", ""); + /* Scan the directory, deleting all of the contents. */ + dir = opendir(configdir); + if (dir == NULL) { + pkiDebug("%s: error removing directory \"%s\": " + "%s\n", __FUNCTION__, configdir, + strerror(errno)); + } else { + while ((ent = readdir(dir)) != NULL) { + path = PORT_Alloc(strlen(configdir) + + 1 + + strlen(ent->d_name) + + 1); + if (path != NULL) { + sprintf(path, "%s/%s", + configdir, + ent->d_name); + unlink(path); + PORT_Free(path); + } + } + closedir(dir); } + /* Remove the directory itself. */ + rmdir(configdir); + free(configdir); } -#endif } +#endif return id->id_p12_slot; } @@ -701,41 +723,8 @@ crypto_get_p12_slot(struct _pkinit_identity_crypto_context *id) static int crypto_close_p12_slot(struct _pkinit_identity_crypto_context *id) { - int ret = 0; SECMOD_CloseUserDB(id->id_p12_slot); -#ifdef PKCS12_HACK - if (id->id_p12_slot_dir != NULL) { - DIR *dir; - struct dirent *ent; - char *path; - pkiDebug("%s: removing %s\n", __FUNCTION__, - id->id_p12_slot_dir); - dir = opendir(id->id_p12_slot_dir); - if (dir == NULL) { - pkiDebug("%s: error removing directory \"%s\": %s\n", - __FUNCTION__, id->id_p12_slot_dir, - strerror(errno)); - } else { - while ((ent = readdir(dir)) != NULL) { - path = PORT_Alloc(strlen(id->id_p12_slot_dir) + - 1 + - strlen(ent->d_name) + - 1); - if (path != NULL) { - sprintf(path, "%s/%s", - id->id_p12_slot_dir, - ent->d_name); - unlink(path); - PORT_Free(path); - } - - } - closedir(dir); - } - ret = rmdir(id->id_p12_slot_dir); - } -#endif - return ret; + return 0; } void -- 1.7.6.4